Vulnerability Description
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red-M | Red-Alert | 2.7.5_v3.1_build_24 |
References
- http://genhex.org/releases/031003.txtVendor Advisory
- http://marc.info/?l=full-disclosure&m=107635119005407&w=2
- http://securitytracker.com/id?1009001ExploitPatchVendor Advisory
- http://www.osvdb.org/3952
- http://www.securiteam.com/securitynews/5SP0C0KC0A.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/353211Vendor Advisory
- http://www.securityfocus.com/bid/9618Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15088
- http://genhex.org/releases/031003.txtVendor Advisory
- http://marc.info/?l=full-disclosure&m=107635119005407&w=2
- http://securitytracker.com/id?1009001ExploitPatchVendor Advisory
- http://www.osvdb.org/3952
- http://www.securiteam.com/securitynews/5SP0C0KC0A.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/353211Vendor Advisory
- http://www.securityfocus.com/bid/9618Vendor Advisory
FAQ
What is CVE-2004-2079?
CVE-2004-2079 is a vulnerability with a CVSS score of 7.5 (HIGH). Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authen...
How severe is CVE-2004-2079?
CVE-2004-2079 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2079?
Check the references section above for vendor advisories and patch information. Affected products include: Red-M Red-Alert.